[arch-general] SystemD poll

Kevin Chadwick ma1l1ists at yahoo.co.uk
Fri Aug 24 15:38:01 EDT 2012


> > http://osvdb.org/search?search%5Bvuln_title%5D=systemd&search%5Btext_type%5D=alltext
> >
> > Two local root exploits this year. So if your browser has a bug, systemd
> > would have allowed privilege escalation
> 
> Notice that these bugs were in logind (the console kit replacement) and not
> in the init daemon. They were also fixed more than 8 months ago.
> 

But they were written by the same devs and what's more silently fixed
meaning criminals may notice whilst distros remain vulnerable.

> No one claimed that systemd never had any bugs. It even has bugs now, like
> all software.
> 

That's dangerous reasoning. It has more bugs than a lot of software
which isn't a great start ;-)

Like I've said before and then some people say there is no argument
against systemd and now no argument against moving to systemd right
now whilst calling it FUD and trolling. You seem to have forgotten the
context which was 'is systemd ready'. Redhat don't think so and a
Redhat employee has said it is complicated to understand systemd's
source code and so there will be major security bugs found and more so
than for systems without systemd. You can argue that lots of other
programs run by init scripts may have severe bugs but those are
more often than not simple programs and easily avoided or swapped by
those who wish to and many of which will never have had such severe and
simple symlink races. Hopefully the devs just missed that security page
but that's probably wishful thinking. 

How many people run monit which you can choose to run easily as any
user you like with almost zero privileges? Will you get such
configurability from systemd? Does everyone need all these functions on
every system such as their desktop? No, so it must be badly designed.

> > We understand your decision has been made with reasonable reasons for
> > doing so (saved effort)  
> 
> For the record: I believe systemd is a technically better solution in all
> ways that matter, so this move is not (purely) motivated by laziness. I'd
> appreciate if you do not misrepresent me.

I never said laziness and saved effort is a good reason, if only systemd
was more considerate and could ever be a unified solution as it
promised. You've said as Lennart has that you only care about Linux and
that's just plain wrong in my book considering all that BSD gives Linux
and anyone else whilst hoping but not demanding a return. A funny
position from what is supposed to be one of the most BSD like Linux.
You haven't said directly but I assume then you mean root exploits
don't matter either.

I hope I have not annoyed you too much. I hope none of this is taken
personally. I am really not trying to annoy you and nearly deleted some
of this. I'm just being forthcoming.

I really will shut up now because I think we have both gone past caring
and have put a note on my mail client to remind me to ignore this
*#!t ;-).

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
_______________________________________________________________________

